In accordance with regulations and requirements, the editorial department's website domain has been changed to arocmag.cn. The original domain (arocmag.com) has been redirecting to new domain since Jan. 1st, 2025.
See More
App. Res. of Comp. Accepted Paper
Vol. 42, 2025 No. 7

Vulnerability detection method based on bidirectional data flow analysis and graph abstraction embedding

Cao Ziheng1
He Lifeng1
Jia Ou2
Zhang Mengying1
Liu Yu1
Guo Yichen1
1. School of Electronic Information & Artificial Intelligence, Shaanxi University of Science & technology, Xi'an 710021, China
2. Dept. of Art & Design, Beijing University of Chemical Technology, Beijing 102202, China
DOI: 10.19734/j.issn.1001-3695.2024.10.0436

Abstract

As cyberattacks and cybercrimes become increasingly severe, the accuracy and comprehensiveness of software vulnerability detection faces significant challenges. To address issues such as the difficulty of capturing complex semantics of interprocedural vulnerabilities, the incomplete analysis of data flow information, and the challenges in extracting vulnerability pattern features, this paper introduced a bidirectional data flow analysis vulnerability detection method based on LLVM IR and Bi-GGNN—BiG-BiD (Bi-GGNN based on Bidirectional DFA) . First, generating LLVM IR by compiling source code with LLVM, and constructing an ICFG(Interprocedural Control Flow Graph) to incorporate interprocedural vulnerability semantics. In addition, this paper proposed a novel ICFG abstract embedding method, DLAE (DFA Line-level Abstract Embedding) , combining abstract data flow with LLVM IR line-level vulnerability feature embedding to accurately represent potential vulnerability patterns in the code. Finally, training Bi-GGNN to dynamically simulate reaching definition analysis and live variable analysis within the ICFG, enabling dynamic propagation and updating of abstract data flows. Experimental results on the Big-Vul and Reveal public datasets show that BiG-BiD achieved a recall rate of 73.7%, outperforming existing static analysis tools and deep learning-based vulnerability detection models by 5%-38%. Additionally, this method successfully detected 23 CVE vulnerabilities across four open-source projects, that the model had never seen before, 10 of the vulnerabilities remain unpatched, demonstrating the effectiveness and generalization of the proposed method on vulnerability detection tasks.

Foundation Support

国家自然科学基金资助项目(61971272,61471227)

Publish Information

DOI: 10.19734/j.issn.1001-3695.2024.10.0436
Publish at: Application Research of Computers Accepted Paper, Vol. 42, 2025 No. 7

Publish History

[2025-03-11] Accepted Paper

Cite This Article

曹子亨, 何立风, 贾鸥, 等. 基于双向数据流分析与图抽象嵌入的漏洞检测方法 [J]. 计算机应用研究, 2025, 42 (7). (2025-03-14). https://doi.org/10.19734/j.issn.1001-3695.2024.10.0436. (Cao Ziheng, He Lifeng, Jia Ou, et al. Vulnerability detection method based on bidirectional data flow analysis and graph abstraction embedding [J]. Application Research of Computers, 2025, 42 (7). (2025-03-14). https://doi.org/10.19734/j.issn.1001-3695.2024.10.0436. )

About the Journal

  • Application Research of Computers Monthly Journal
  • Journal ID ISSN 1001-3695
    CN  51-1196/TP

Application Research of Computers, founded in 1984, is an academic journal of computing technology sponsored by Sichuan Institute of Computer Sciences under the Science and Technology Department of Sichuan Province.

Aiming at the urgently needed cutting-edge technology in this discipline, Application Research of Computers reflects the mainstream technology, hot technology and the latest development trend of computer application research at home and abroad in a timely manner. The main contents of the journal include high-level academic papers in this discipline, the latest scientific research results and major application results. The contents of the columns involve new theories of computer discipline, basic computer theory, algorithm theory research, algorithm design and analysis, blockchain technology, system software and software engineering technology, pattern recognition and artificial intelligence, architecture, advanced computing, parallel processing, database technology, computer network and communication technology, information security technology, computer image graphics and its latest hot application technology.

Application Research of Computers has many high-level readers and authors, and its readers are mainly senior and middle-level researchers and engineers engaged in the field of computer science, as well as teachers and students majoring in computer science and related majors in colleges and universities. Over the years, the total citation frequency and Web download rate of Application Research of Computers have been ranked among the top of similar academic journals in this discipline, and the academic papers published are highly popular among the readers for their novelty, academics, foresight, orientation and practicality.

Indexed & Evaluation

  • The Second National Periodical Award 100 Key Journals
  • Double Effect Journal of China Journal Formation
  • the Core Journal of China (Peking University 2023 Edition)
  • the Core Journal for Science
  • Chinese Science Citation Database (CSCD) Source Journals
  • RCCSE Chinese Core Academic Journals
  • Journal of China Computer Federation
  • 2020-2022 The World Journal Clout Index (WJCI) Report of Scientific and Technological Periodicals
  • Full-text Source Journal of China Science and Technology Periodicals Database
  • Source Journal of China Academic Journals Comprehensive Evaluation Database
  • Source Journals of China Academic Journals (CD-ROM Version), China Journal Network
  • 2017-2019 China Outstanding Academic Journals with International Influence (Natural Science and Engineering Technology)
  • Source Journal of Top Academic Papers (F5000) Program of China's Excellent Science and Technology Journals
  • Source Journal of China Engineering Technology Electronic Information Network and Electronic Technology Literature Database
  • Source Journal of British Science Digest (INSPEC)
  • Japan Science and Technology Agency (JST) Source Journal
  • Russian Journal of Abstracts (AJ, VINITI) Source Journals
  • Full-text Journal of EBSCO, USA
  • Cambridge Scientific Abstracts (Natural Sciences) (CSA(NS)) core journals
  • Poland Copernicus Index (IC)
  • Ulrichsweb (USA)